Until 2 months ago, Mt. Gox was using unsalted MD5 hashing to protect its Bitcoin users' passwords. The site was lucky -- very lucky -- that it added the salt right before it lost its database. (Source: Google Images)

Bitcoin enthusiasts have been forced to realize that exchange closures are a reality of modern economics. (Source: Nerd Merit Badges)

A very real unresolved issue facing the market is what to do about botnet miners. (Source: Google Images)

Market still hasn't been reopened, three days later

DailyTech was among the first to report on the massive hack of Mt. Gox and was the first to correctly note that the world's largest Bitcoin exchange was using a mix of unsalted MD5 (very insecure) and salted MD5 (somewhat secure) passwords.

Since the Sunday events, Mt. Gox has been scrambling to reopen and reform.

I. Confirmation -- Insecure Standard Was Used for Over a Year

Mt. Gox revealed on Monday that the forum posts by administrators and Mt. Gox users (which we cited) were correct -- some of the accounts were unsalted.

If you receive ANY email which seems to be coming from Mt.Gox asking you to download something (certificate, generating program, etc), DO NOT DOWNLOAD. Also, do not input your password on any site which is not MTGOX.COM.

[Update - 2:06 GMT] What we know and what is being done.

It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.

Two months ago we migrated from MD5 hashing to FreeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.

We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.

Mt.Gox will continue to be offline as we continue our investigation; at this time we are pushing it to 8:00am GMT.

When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.

Once Mt.Gox is back online, trades 218869~222470 will be reverted.

The fact that Mt. Gox was using salted MD5 is somewhat disappointing, as for a financial institution -- particularly an exchange that handles nearly 90 percent of the $130M+ USD of Bitcoins in existence -- you would expect only the latest and greatest in password hashing (like the salted SHA-512 they are now migrating to).

The fact that up until 2 months ago they used unsalted MD5 -- which has been easily crackable by rainbow tables and brute force attacks for years -- is downright disturbing. As it is, it appears very, very lucky that Mt. Gox decided to migrate to salted MD5 when it did. Otherwise the damage might have taken weeks or months to revert, not days.

While there's no proof of causation, perhaps the attacks on Sony Corp. (TYO:6758) proved a wakeup call for Mt. Gox. As a result it decided to patch up its blatantly unacceptable hashing scheme with a slightly better one, just in the nick of time.

II. Out With The Old, In With the New

At least Mt. Gox seems to have learned its lesson. It writes:

SHA-512 multi-iteration salted hashing is enabled and ready for when we get users reactivating their accounts

We are going to push our relaunch time to 2:00am GMT tomorrow so we have time to launch our new backend and withdraw passwords.

This is a very good sign. Salting only helps if each user gets a different salt: with one shared salt, a single precomputed table still cracks every account at once, whereas a unique salt per user forces an attacker to work on each hash separately. The "multi-iteration" part means the hash is applied many thousands of times in sequence, so every password guess costs the attacker proportionally more computation. Combined with the greater strength of SHA-512 over MD5, this scheme should hold up well against today's cracking methods and computing power, provided each user's salt is unique and unpredictable.
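To make the three schemes the article discusses concrete, here is an added example (not Mt. Gox code) that hashes a few constructed accounts with unsalted MD5, salted MD5 and multi-iteration salted SHA-512 (PBKDF2-HMAC-SHA512 is used here as the iterated construction; Mt. Gox's exact scheme is not on the page) and shows why only the salted forms keep identical passwords from producing identical hashes:

```python
import hashlib
import hmac
import os

# Constructed sample accounts for the demo; two users chose the same password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "hunter2"}


def unsalted_md5(password: str) -> str:
    # Pre-migration scheme: equal passwords collide and one MD5 rainbow
    # table cracks every account in the dump at once.
    return hashlib.md5(password.encode()).hexdigest()


def salted_md5(password: str, salt: bytes) -> str:
    # A per-user salt defeats shared precomputation, but MD5 is still so
    # fast that each hash can be brute-forced individually.
    return hashlib.md5(salt + password.encode()).hexdigest()


def iterated_sha512(password: str, salt: bytes, rounds: int) -> str:
    # Multi-iteration salted SHA-512: each guess now costs `rounds` hash
    # operations instead of one.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds).hex()


def make_record(password: str, rounds: int = 100_000) -> str:
    # Store scheme, round count and salt beside the digest so verification
    # can recompute it; the salt is random per user, not derived from code.
    salt = os.urandom(16)
    return f"sha512${rounds}${salt.hex()}${iterated_sha512(password, salt, rounds)}"


def verify(password: str, record: str) -> bool:
    _, rounds, salt_hex, digest = record.split("$")
    candidate = iterated_sha512(password, bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def hash_all(scheme: str, rounds: int = 1000) -> dict:
    # Hash every sample user under one scheme.
    out = {}
    for user, pw in USERS.items():
        if scheme == "md5":
            out[user] = unsalted_md5(pw)
        elif scheme == "salted_md5":
            out[user] = salted_md5(pw, os.urandom(8))
        else:
            out[user] = make_record(pw, rounds)
    return out


def collisions(hashes: dict) -> int:
    # Number of users whose stored hash equals another user's hash.
    return len(hashes) - len(set(hashes.values()))
```

Under the unsalted scheme alice and bob share a hash, so cracking one cracks both; under either salted scheme they do not.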

For the time being, deposits that were sent to Mt.Gox accounts that were not in accounts before we took things offline will be in a "pending" status. Once we have the new backend in place, we will start processing these pending deposits and withdrawals. Also, shortly after the backend is up and running we will allow customers with newly reclaimed accounts to login to Mt.Gox, and use the site as per usual, with the exception that active trading will be disabled. Users may place orders to buy or sell, but they will be queued until we enable trading, which will most likely be a couple of hours after users are able to login to Mt.Gox.

Thanks again for your continued patience and understanding while we work to get Mt.Gox back online.

The exchange will reopen at $17.50 USD per Bitcoin. Expect a reopening sometime later this week or next week.

III. An Important Lesson, But More Tough Questions Remain

The Mt. Gox incident was a valuable lesson to the proponents of Bitcoin.

First, it taught them that no matter how "evil" it seemed, there are absolutely cases where markets must be closed from trading. Hopefully, this will now lead to the major exchanges agreeing to close trading early on some days to slow the violent volatility from major inflation or deflation, making Bitcoins "more currency-like".

Second, it taught anyone who runs a Bitcoin exchange that it's absolutely mandatory to use the latest in hashing and salting technology. Weak hashing alone was not enough to protect Mt. Gox, as its attackers quickly exploited over 1,000 accounts.

Bitcoin users can learn a similar lesson from these events -- they must strongly encrypt their local wallet.dat file. There are now trojans in the wild that are stealing Bitcoins from open wallets. The moral of the story -- the necessity of encryption -- is thus equally applicable on both sides of the Bitcoin use (pun not intended).

Of course, you also shouldn't store your wallet on systems you believe might be compromised, as a patient trojan could simply wait for you to decrypt your wallet file and then strike.

That said, one very daunting question still facing Bitcoin is the question of mining abuses. A recent Symantec article wrote that botnets of infected computers could mine Bitcoins to make as much as $100,000 USD a month. Such abuse is a major threat to the burgeoning Bitcoin economy if it becomes prevalent as it will both rob innocent miners of their loot and delegitimize the movement itself by equating Bitcoin mining to supporting the spread of malware.

This is a far more troubling problem than the previous ones. The community will have to think long and hard to come up with a good answer.

Comments


"The USD has value because the US government provides a guarantee of it's value."

Oh really?

So the US Government has promised you that you'll be able to buy WHAT for a dollar? A loaf of bread? Oh no, those days are over. A gallon of milk? Nope. Those days are over too.

Think about what you are saying. There is absolutely NO guarantee by the US Government that the dollar is worth ANYTHING. Perhaps you missed the memo, when Nixon eliminated the gold standard - the last time that the dollar had any guarantee. Even then, you couldn't knock on the doors of Ft. Knox and ask for your nugget of gold!

You need to read up on the definition of fiat currency. Because you are flat out, 100%, totally and completely incorrect.

The US government guarantees that the US dollar is valid to settle debts both public and private. That is 100% correct. That's what I was referring to - obviously inflation and whatnot control what a dollar can actually buy.

Bitcoins have no one standing behind them - no validity for settling debts, nothing.

Federal Reserve notes have a coerced value because the government has declared them legal tender and requires you to pay taxes in them. It also expects you to pay capital gains taxes on gold if you convert it to FRN after new FRN are issued. If not for all of that force behind FRN, there is no way people would have "accepted" them into use. A free market would be using encased gold milligrams or something. I suppose if you threaten jail and theft on alternatives, then people "want" unbacked paper with an issuer, but c'mon... there's nothing voluntary about where we are.

The US dollar has value because it's the government-backed currency of the land...it's what all wages are paid in, and what debts (both public and private) are paid in. No one "wants" dollars - they get them from their employer, and they spend them to get things.

Still don't get it though...the "mining" for them makes no sense. There's no basis for their value. It's just...wacky.

As I understand it the purpose for mining is to seed initial wealth.

This is a somewhat foreign concept in the world of real world currencies, which typically evolved over hundreds of years, based on the trade of real world commodities like gold or furs. But in effect, these resources did serve as a seeding mechanism for initial wealth. By the time the currency evolved into an abstract (non-commodity based) entity, wealth was already seeded....

The idea with Bitcoin is to skip the commodity phase and compress the seeding process to a couple decades rather than a couple centuries, by seeding by computing an algorithm.

Once wealth has been injected in the system, the idea is that it will trickle down to form a large economy, similar to the ideas of President Reagan...

Here's some graphics to consider. See a problem with the Bush tax cuts? They were far far too much. They are going to contribute more to the deficit than everything else combined. I'm so glad we think we need to give welfare to the rich. Yes, it's welfare because they don't need it in the slightest yet they can't and won't invest enough to make up that revenue. And even if they did, the whopping 2%ish of GDP we get back in corporate taxes is not nearly enough to make up for that.

Bitcoins are like casino chips: they aren't issued by a government, and their value isn't based on anything realistic. You can "cash them in" at an exchange that recognizes the value of bitcoins. The exchanges and the holders form a giant p2p network to enable transactions.

It's often used to pay for criminal transactions as the transactions aren't easily(/at all?) traceable and escrow services can be used. This makes it a good method of transaction for drug dealers/hitmen/hackers etc.

Couple of issues with Symantec opening up their Norton-pushing pie holes.

1. Most botnets are comprised of somewhat crappier systems than what BTC miners are using... CPU mining is ineffective as a percentage of mining compute power. For instance, a Radeon 6950 will churn out 320-340 MH/s... A hexacore i7, less than 10 MH/s. Considering that most people rocking good hardware are somewhat above the average user in capabilities, a botnet would have to be very large to make a dent in the proportion of 'shares' being mined.

Further, in cases where said systems did have decent gpus, the extra heat / noise / etc is a genuine tip off that something is wrong with your system... not to mention other issues that occur when one is mining on a daily use system.

These systems would scream 'I am really messed up, please fix me'.

2. Let's say all of that was overcome and a botnet was mining... all it would do is knock the difficulty of the next set of blocks up immensely. So even if for the first week or two, the botnet was generating bitcoins hand over fist, as soon as the next interval of blocks to mine was opened, the difficulty would be reset so high that it would account for this extra processing power, and negate it.

At this point it comes down to who owns what percentage of compute power as to who receives what portion of the BTC mined. However, taking into account both 1 and 2, the botnet would not be generating that much revenue, and would get pushed out to the corners unless the botnet was comprised of OpenCL-able or CUDA capable GPUs.

When they speak of "mining for bitcoins", there's something I'm not quite clear on. Evidently, they seem to rely heavily on GPU processing power (mostly from ATI/AMD). But what I don't get is what exactly is in the data you "mine", and what happens to that data once you find a "coin"? It seems that the answer to this question just doesn't EXIST, and if it DOES exist, what, exactly, kind of data is it you "mine" and why? Things like this always seem a bit fishy to me. It would seem to me that if you want to create a distributed computing project to, say, create a genetic sequencing engine that will allow someone to quickly tailor a genetic virus, or some other nefarious purpose, you would create a self-sustaining mini-society that actually pays money to attract the biggest baddest machines into the fray. Where are the answers to the question "what data is in a bitcoin mine?" and "where does the mined data eventually end up and who controls it?" That's what I'd like to know.

Mining means calculating hashes of a block header consisting of a merkle root of transactions, the hash of the previous block, some other stuff and a nonce. The hash must be numerically low enough to make a valid block. This is tried many times with different nonces until a valid block is found. This system makes it hard to find blocks and hence hard to reverse transactions. The more people mine, the harder double-spending becomes.

This is a peer-to-peer network based on open-source code. Nobody controls it. You can look at the source code to see exactly what it does. There's no conspiracy.
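The block-header hashing the reply above describes, and the difficulty retarget the earlier comment relies on, as an added toy example (not Bitcoin's own code): the header fields, the target and the timing values are constructed, and the real header has more fields than the three kept here.

```python
import hashlib
import struct

# Constructed stand-ins for a real header's previous-block hash and merkle root.
PREV_HASH = b"\x00" * 32
MERKLE_ROOT = hashlib.sha256(b"constructed transaction set").digest()


def block_hash(prev_hash: bytes, merkle_root: bytes, nonce: int) -> int:
    # Bitcoin double-SHA-256s the serialized header; this toy header keeps
    # only prev hash, merkle root and a 32-bit little-endian nonce.
    header = prev_hash + merkle_root + struct.pack("<I", nonce)
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")


def target_for_bits(leading_zero_bits: int) -> int:
    # A hash is valid when numerically below the target; more required
    # leading zero bits means a smaller target and a harder block.
    return 1 << (256 - leading_zero_bits)


def mine(prev_hash: bytes, merkle_root: bytes, target: int, max_nonce: int = 1 << 32):
    # Try nonces in order until the header hash falls below the target.
    for nonce in range(max_nonce):
        if block_hash(prev_hash, merkle_root, nonce) < target:
            return nonce
    return None  # no nonce worked; a real miner would change the header instead


def expected_attempts(target: int) -> float:
    # Expected hashes per block. Extra hashpower (a botnet included) does not
    # lower this; it only changes whose share of the total finds each block.
    return (1 << 256) / target


def retarget(target: int, actual_seconds: float, expected_seconds: float) -> int:
    # Difficulty adjustment: if the last interval finished early the target
    # shrinks (harder), clamped to a factor of 4 per adjustment as Bitcoin does.
    ratio = max(0.25, min(4.0, actual_seconds / expected_seconds))
    return int(target * ratio)
```

Once a botnet's hashrate has been folded into a faster interval, `retarget` shrinks the target so the network's block rate returns to normal, which is the "negate it" effect the earlier comment describes.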

This isn't too useful if they have access to your system. If you ever want to use your wallet you have to decrypt it first, and if your opponent is anything but a complete idiot they will just write their trojans to wait for you to decrypt and mount your wallet before they steal it.

The correct way to secure your wallet is to secure your system so that it's never infected in the first place (because once that happens you're effectively done).

MtGox.com is just one exchange. I use http://www.TradeHill.com, which has lower fees and seems more professional to me. I have a code that will get you 10% off your fees there if anybody wants to buy or sell bitcoins on TradeHill.com: TH-R1168
